The Nyxem worm, which spreads through promises of pornographic videos and pictures, attacks Windows systems that hide file extensions for some known file types, the default setting for Windows XP and other versions, the U.S.-CERT advisory said Tuesday. Unsuspecting users may unknowingly infect their systems by clicking on the worm's icon, which looks like a WinZip file.
The worm disables security software and file-sharing programs, spreads itself to email addresses saved on the infected system and destroys files ending in doc, xls, mdb, mde, ppt, pps, zip, rar, pdf, psd and dm, the advisory said.
Additionally, the worm fools Windows into accepting a malicious ActiveX control by impersonating a digital signature that grants authorization, according to security firm Fortinet.
The worm has perplexed some experts because its motive appears to be disruption, not financial gain, bucking the trend of most of today's malware threats.
U.S.-CERT urged users and system administrators to install up-to-date anti-virus software, block executable and unknown files and avoid following unknown links, even if they come from a trusted source.